NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

May 3, 2024 at 05:45AM The U.S. government issued a cybersecurity advisory about North Korean threat actors using spear-phishing campaigns to gather intelligence. They exploit weak DMARC policies to send spoofed emails, targeting foreign policy experts. The group, known as Kimsuky, engages targets in prolonged, benign conversations to build trust and uses fake email addresses …

DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse

April 11, 2024 at 06:05PM MITRE will add two sub-techniques to the ATT&CK database, both exploited by North Korean threat actors. TCC manipulation involves Apple macOS application permissions. “Phantom” DLL hijacking exploits nonexistent DLLs in Windows. These techniques allow hackers to gain privileged access and perform espionage. It’s crucial to keep SIP enabled and monitor DLL loading …

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

January 5, 2024 at 11:15AM Cybersecurity researchers have identified a new Apple macOS backdoor called SpectralBlur, attributed to North Korean threat actors. It has capabilities such as uploading/downloading files and running shell commands. The malware shares similarities with KANDYKORN, showcasing the growing focus of North Korean threat actors on macOS, particularly in cryptocurrency and blockchain …

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

November 28, 2023 at 12:06AM The Lazarus Group, a North Korean threat actor, has been observed combining elements from two separate macOS malware strains, RustBucket and KANDYKORN. They are using RustBucket droppers to deliver the KANDYKORN malware. Another macOS-specific malware called ObjCShellz has also been linked to the RustBucket campaign by cybersecurity firm SentinelOne. This …

DPRK Hackers Masquerade as Tech Recruiters, Job Seekers

November 21, 2023 at 04:18PM North Korean threat actors are engaging in deceptive tactics on the internet, posing as both job recruiters and job seekers. Palo Alto Networks’ Unit 42 has identified two ongoing campaigns, “Contagious Interview” and “Wagemole”, where the threat actors lure unsuspecting applicants into installing sophisticated malware or impersonate applicants to gain …

North Korean Hackers Exploiting Recent TeamCity Vulnerability

October 19, 2023 at 07:06AM Multiple North Korean threat actors, including Diamond Sleet and Onyx Sleet, have been targeting vulnerable TeamCity servers using the CVE-2023-42793 vulnerability, which allows remote code execution and admin-level access. Microsoft warns that these threat actors have a history of conducting software supply chain attacks and pose a high risk to …

Microsoft Warns of North Korean Attacks Exploiting TeamCity Flaw

October 19, 2023 at 03:21AM North Korean threat actors are exploiting a security flaw in JetBrains TeamCity to breach vulnerable servers. The attacks are attributed to Diamond Sleet and Onyx Sleet, both part of the Lazarus Group. The attacks involve compromising TeamCity servers and deploying known implants or malicious DLLs. Microsoft observed the use of …